Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Re: [STDS-802-21] NISTIR 7298 link

To: Greg Daley <gdaley@xxxxxxxxxxxxxxxx>
Subject: Re: [STDS-802-21] NISTIR 7298 link
From: Yoshihiro Ohba <yoshihiro.ohba@xxxxxxxxxxxxx>
Date: Thu, 19 Jul 2012 19:29:24 +0900
Cc: STDS-802-21@xxxxxxxxxxxxxxxxx
Delivered-to: mhonarc@xxxxxxxxxxxxxxxx
In-reply-to: <8155FD1BB2ABCD40AC6F8149BBE997E00508F6FD0689@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <https://listserv.ieee.org/cgi-bin/wa?LIST=STDS-802-21>, <mailto:LISTSERV@LISTSERV.IEEE.ORG?body=INFO%20STDS-802-21>
List-owner: <mailto:STDS-802-21-request@LISTSERV.IEEE.ORG>
List-subscribe: <mailto:STDS-802-21-subscribe-request@LISTSERV.IEEE.ORG>
List-unsubscribe: <mailto:STDS-802-21-unsubscribe-request@LISTSERV.IEEE.ORG>
References: <5963DDF1F751474D8DEEFDCDBEE43AE716E15AC6@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <4FF33B33.1030208@xxxxxxxxxxxx> A <5963DDF1F751474D8DEEFDCDBEE43AE716E15D1F@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <D60519DB022FFA48974A25955FFEC08C04959A6F@xxxxxxxxxxxxxxxxxxxx> <5963DDF1F751474D8DEEFDCDBEE43AE716E15D5E@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <38302E030FE85048B082A0DB9B8FC59026E098AB8A@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <16F113FE6689D24D9A2B8229FD4540B026D0A55801@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <5963DDF1F751474D8DEEFDCDBEE43AE716E16029@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <16F113FE6689D24D9A2B8229FD4540B026D0A55830@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <5963DDF1F751474D8DEEFDCDBEE43AE716E16050@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <529D71A1B088AC46A578FB1485530D6D010D63047662@xxxxxxxxxxxxxxxxxxx> <50073300.7010606@xxxxxxxxxxxxx> <500795E7.8050505@xxxxxxxxxxxxx> <8155FD1BB2ABCD40AC6F8149BBE997E00508F6FD0689@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: stds-802-21@xxxxxxxx
User-agent: Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20120614 Thunderbird/13.0.1

Hi Greg,

Thank you for the clarification question.

We are trying to protect multicast content carried in MIH message.

In fact, we have already identified several MSEC deliverables (GDOI,
GSAKMP and MIKEY) in
https://mentor.ieee.org/802.21/dcn/12/21-12-0059-00-MuGM-identification-of-sdos-related-to-802-21d.ppt.

On the other hand, we are not sure how the MSEC deliverables can be
used as multicast key management for MIH, and not sure if the MSEC
deliverables satisfy scalability requirements for 802.21d where a
group size can be tens of thousands.  You are welcomed to help us with
giving some detailed guidances.

Best Regards,
Yoshihiro Ohba


(2012/07/19 14:26), Greg Daley wrote:
> Hi,
> 
> I can only see the preceding message in this thread for some reason.  (I am assuming this is a TGd thread)
> 
> Can I ask a clarifying question?
> 
> Are we protecting access to multicast content, or protecting users' data streams from being rehomed passed to another link due to someone else's movement?
> 
> If we are authenticating or keying for multicast content protection, then the group keying mechanisms from MSEC are applicable.
> 
> If we are performing authentication to prevent content stealing or DoS, it is still possible we are looking at a one-to-one trust mechanism, where the wireless client proves its identity to the network, and the network determines if it has a trust chain back to an authority trusted by the client.
> 
> How this proof of trust occurs is orthogonal to the base signalling mechanism, and could be an existing two-party certificate exchange system, or group oriented.
> 
> The host is effectively only in one (or a few places) at a time, and when the device proves that it is valid for Unicast, it also proves it is valid for Multicast (but may not be selecting to move its streams)
> 
> 
> Sincerely,
> 
> Greg
> 
>> Hi Charles,
>>
>> (2012/07/19 7:04), Charles E. Perkins wrote:
>>> Hello folks,
>>>
>>> Here are some materials on secure multicast.
>>>        http://datatracker.ietf.org/wg/msec/charter/
>>>
>>> Please let me know whether these are applicable, and what else might
>>> be needed for securing wide-area multicast.
>>>
>>> While I do see that neighboring MIH domains have use cases for
>>> multicast, I am confused about how it might be that such use cases
>>> could apply to groups of networks with thousands of PoSs.
>>
>> If IP multicast is always available to support groups of networks with
>> thousands of PoSs, then we should just use it, but my point is that is not
>> always the case (i.e., there may be some router that does not support IP
>> multicast).  I think application-layer multicast can fill the gap.  On the
>> other hand, application-layer multicast does not have to be based on
>> RELOAD/DHT.
>>
>> Regards,
>> Yoshihiro Ohba
>>
> 
> Greg Daley
> Solutions Architect
> Logicalis Australia Pty Ltd
> gdaley@xxxxxxxxxxxxxxxx
> t +61 3 8532 4042
> m +61 401 772 770
>

References:
- Comments on 21-12-0067-01-srho-tgc-proposal
  - From: Peter McCann
- RE: [STDS-802-21] Comments on 21-12-0067-01-srho-tgc-proposal
  - From: Peter McCann
- RE: [STDS-802-21] Comments on 21-12-0067-01-srho-tgc-proposal
  - From: Zuniga, Juan Carlos
- RE: [STDS-802-21] Comments on 21-12-0067-01-srho-tgc-proposal
  - From: Peter McCann
- [STDS-802-21] Comments on 21-12-0067-01-srho-tgc-proposal
  - From: Feder, Peretz (Peretz)
- RE: [STDS-802-21] Comments on 21-12-0067-01-srho-tgc-proposal
  - From: Peter McCann
- RE: [STDS-802-21] Comments on 21-12-0067-01-srho-tgc-proposal
  - From: Feder, Peretz (Peretz)
- RE: [STDS-802-21] Comments on 21-12-0067-01-srho-tgc-proposal
  - From: Peter McCann
- NISTIR 7298 link
  - From: Chasko, Stephen
- Re: [STDS-802-21] NISTIR 7298 link
  - From: Charles E. Perkins
- Re: [STDS-802-21] NISTIR 7298 link
  - From: Yoshihiro Ohba
- RE: [STDS-802-21] NISTIR 7298 link
  - From: Greg Daley

Prev by Date: FW: [802-ARCH] Proposed comment resolutions uploaded
Next by Date: RE: [STDS-802-21] NISTIR 7298 link
Previous by thread: RE: [STDS-802-21] NISTIR 7298 link
Next by thread: Moving the 802.21(c) examples to an Appendix
Index(es):
- Date
- Thread